Changes between Version 36 and Version 37 of LdapPlugin


Ignore:
Timestamp:
Nov 20, 2009 4:30:59 PM (5 years ago)
Author:
nadinuvre
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • LdapPlugin

    v36 v37  
    1212 
    1313The original proposal for LDAP ACL is documented under ticket  
    14 [http://projects.edgewall.com/trac/ticket/535 Trac#535] on the official web site. 
    15  
    16 This plugin follows the same [http://trac.edgewall.com/license.html license] as Trac. 
     14Trac#535 on the official web site. 
     15 
     16This plugin follows the same license as Trac. 
    1717 
    1818== Requirements == 
     
    2525 
    2626You need the Python LDAP module. It can be retrieved from  
    27 [http://python-ldap.sourceforge.net/ python-ldap].[[BR]] LdapPlugin has been  
     27python-ldap.[[BR]] LdapPlugin has been  
    2828tested on a Debian Linux Sarge/Sid (2.4.x and 2.6.x) server, a Windows XP SP2 workstation,   
    2929as well as on !MacBookPro OS 10.4.8, all of them running Python 2.4 with Trac 'development' releases. 
    3030 
    3131To use the egg file you need to have  
    32 [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.6+  
     32setuptools, version 0.6+  
    3333installed.[[BR]]Please refer to the  
    34 [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] page for  
     34TracPlugins page for  
    3535information about plugin installation. 
    3636 
     
    4747== Installation == 
    4848 
    49  * Build the ''egg'' file following the plugin packaging [http://projects.edgewall.com/trac/wiki/TracDev/PluginDevelopment#Packaginganddeployingplugins instructions] 
     49 * Build the ''egg'' file following the plugin packaging instructions 
    5050 * Copy the `dist/LdapPlugin-0.y.z-py2.n.egg` file in your ''plugins'' project directory. 
    5151 
     
    5555protocol, as with any other Trac installation. Same authentication is available through IIS if you disable anonymous user and enable Integrated Windows Authentication on your site.[[BR]] 
    5656LdapPlugin retrieves the groups to which the authenticated user belongs and  
    57 checks the [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions] 
     57checks the TracPermissions 
    5858against these groups, along with the regular permissions for the user. 
    5959 
    6060You probably want to use Apache2 LDAP authentication as well.[[BR]] 
    6161This topic is out of scope of this document but you may find useful information 
    62 on the official Apache2 [http://httpd.apache.org/docs-2.0/mod/mod_ldap.html mod_ldap]  
     62on the official Apache2 mod_ldap  
    6363web site. 
    6464 
     
    286286It is worth noting that the '''dn''' used for groups and for users may be 
    287287different, which should make things easier to add  
    288 [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions] into  
    289 your existing LDAP directory. 
     288TracPermissions into your existing LDAP directory. For addition info read this [http://www.superiorpapers.com research paper]. 
    290289 
    291290To differentiate a group name from a user name in `trac-admin`, prefix the group 
    292 name with the `@` characters. This syntax has been borrowed from [http://www.samba.org Samba] 
     291name with the `@` characters. This syntax has been borrowed from Samba 
    293292and many other software dealing with group management.[[BR]] 
    294293One would grant the above permissions using the following `trac-admin` commands 
     
    313312 
    314313Once LDAP support has been activated, you can use `trac-admin` as usual to  
    315 define [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions].[[BR]] 
     314define TracPermissions.[[BR]] 
    316315However, you can now use the existing groups defined in your LDAP directory to  
    317316assign permissions. 
     
    430429When a directory contains global permission directives, those permissions apply on every Trac environment accessing the LDAP directory, whichever the `global_perms` value. However, permissions are always created using the current environment permission setting. 
    431430 
    432 From the administrative point of view (`trac-admin`, [http://projects.edgewall.com/trac/wiki/WebAdmin WebAdmin], ...), there are no changes: permission are defined and retrieved as usual. 
     431From the administrative point of view (`trac-admin`, WebAdmin, ...), there are no changes: permission are defined and retrieved as usual. 
    433432 
    434433''Note:'' The environment ''name'' is based on the root directory of the Trac environment. This means that if you use different environment with the same name, such as: 
     
    501500 
    502501 * '''v0.0''': First attempt to write a LDAP bridge for Trac based on Trac 0.8, which required some hacks into the Trac engine. 
    503  * '''v0.1''': A new implementation has started on September, 1st '05, to profit from the new [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] module  architecture introduced in Trac 0.9-pre.[[BR]] This implementation should bring the following improvements: 
     502 * '''v0.1''': A new implementation has started on September, 1st '05, to profit from the new TracPlugins module  architecture introduced in Trac 0.9-pre.[[BR]] This implementation should bring the following improvements: 
    504503   * includes a cache to dramatically reduce LDAP requests 
    505    * better handling of LDAP errors[[BR]]This extension works with Trac 0.9-pre1 and requires the [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.5a13 
     504   * better handling of LDAP errors[[BR]]This extension works with Trac 0.9-pre1 and requires the setuptools, version 0.5a13 
    506505 * '''v0.2''': This new release fixes up a couple of bugs and works with Trac 0.9-pre2. It requires the [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.6+.[[BR]]It introduces support for LDAP permission store: TracPermissions can now be stored into the LDAP directory, rather than in the SQL backend.[[BR]]Each feature (LDAP as a provider of group permissions, LDAP as a permission store) are independent and can be enabled or disabled on demand. 
    507506 * '''v0.2.1''': Bug fixing